WHAT IS CLAIMED IS:

1. A method for compiling parser scripts each corresponding to the structure of security data 
received from a network component comprising the steps of: 
a) identifying sets of data categories, each set corresponding to security data received
from one of a plurality of network components;

b) constructing database record definitions, each defining a record subdivided in 
accordance with one of the sets of data categories; 

c) writing parser scripts that receive security data from the network components and
output records, each record corresponding to one of the record definitions; and

d) storing said parser scripts.

2. The method of claim 1 further comprising the steps of:

e) determining the format of each category in said sets; 

f) formatting the subdivisions to match the formats of the categories of the set to which
the definition corresponds; and wherein

each of the output records of step (c) correspond in format to one of the record definitions.

3. The method of claim 1 further comprising the steps of:
e) building database tables in a relational database each having the fields of one of the
database record definitions; and

f) inserting output records received from the parser scripts into the tables. 

4. The method of claim 2 further comprising the steps of: 
g) building database tables in a relational database each having the fields and formats of
one of the database record definitions; and

h) inserting output records received from the parser scripts into the tables.

5. The method of claim 1 wherein:

at least one of the sets of data categories is identified, at least in part, from the product 
specifications of the network components. 



6. The method of claim 1 wherein:

at least one of the sets of data categories is identified, at least in part, by applying a
Management Information Base (MIB) integrator to a Management Information Base for the
corresponding network component.

7. An information network security data compilation system, comprising:

a) a first network component; 

b) a second network component; and 

c) a data parser coupled to the first and second network components having access to 
a first parser script and a second parser script, the data parser is operable to produce 
categorized data from the data received from the first and second network 
components with the first and second parser scripts, respectively. 



8. The data compilation system of claim 7 wherein:

a) the first network component is a firewall and 

b) the second network component is an intrusion detection system. 



9. The data compilation system of claim 7 further comprising:

a) a third network component and 

b) a distributed data manager; and wherein: 

the data parser is coupled to the second and third network components through the 
distributed data manager which collects and compresses data from the second and third 
network components and forwards the compressed data to the data parser. 

10. The data compilation system of claim 7 further comprising:

a) a third network component; 

b) a second data parser coupled to the third component having access to a third parser
script, the second data parser operable to produce categorized data from the data
received from the third network component with the third parser script; and

c) a relational database coupled to the first and second data parsers. 

11. The data compilation system of claim 7 further comprising:

a) a display coupled to the data parser; and

b) a relational database coupled between the data parser and the display, and wherein:

the data parser transfers the categorized data to the relational database.



12. The data compilation system of claim 11 wherein:

the relational database receives a data query, and

the display shows a portion of the categorized data, up to and including all the data, from the
relational database, corresponding to the data query.

13. The data compilation system of claim 12 wherein:

the data queries are submitted and the portions are shown through a web browser interface.

14. The data compilation system of claim 7 further comprising: 

a) an event detector coupled to the data parser and wherein: 

the event detector compares the categorized data to a predetermined event definition and 
provides a signal if a match is found. 

15. The data compilation system of claim 7 further comprising:

a) an information technology agent and wherein: 

the network component is programmed by software, the agent collects security data from the
software, and the data provided from the first network component is the security data
collected by the agent.

16. The data compilation system of claim 7 wherein: 

the data parser produces formatted and categorized data. 

17. The data compilation system of claim 7 wherein:

data from the first network component is security data and data from the second network
component is security data.

18. The data compilation system of claim 7 wherein:

a. data from the first network component is encrypted and decrypted.

19. A method of compiling network security data comprising the steps of: 
a) collecting security data from a plurality of network components;

b) accessing a plurality of different parser scripts, each script corresponding to one of
the network components;

c) applying the plurality of different parser scripts to the security data to produce 
categorized and formatted data; and 

d) storing the categorized and formatted data. 

20. The method of claim 19 wherein:

the plurality of network components includes at least a firewall and an intrusion detection 
system. 

21. The method of claim 19 further comprising the steps of:

e) transmitting the categorized and formatted data to a relational database; 

f) providing a user interface for submitting queries to the relational database; and 

g) displaying the categorized and formatted data, or a subset thereof, in accordance with 
submitted queries. 

22. The method of claim 21 wherein: 

step (e) occurs prior to step (d) and step (d) comprises storing the categorized and formatted 
data in the relational database. 

23. The method of claim 19 further comprising the steps of: 

e) comparing the categorized and formatted data to at least one predetermined event
definition; and

f) generating a signal if the data meets one of the at least one event definitions.

24. The method of claim 19 wherein:

one of the network components is programmed by software and an information technology
agent communicates with the software to collect the security data.



25. The method of claim 19 wherein:

the step of collecting occurs in real time rather than in batches. 

26. The method of claim 19 wherein: 

at least two of the plurality of different parser scripts correspond to the same network
component.